Feb 1, 2011 13:57 GMT

Phishers have begun spoofing Facebook Security within rogue private messages in order to trick users into exposing their login credentials.

The Facebook Security page is used by the social networking site to issue important security-related announcements and advice to users. It has over 3.7 million fans.

Given its popularity and importance, it was bound to be exploited by cybercriminals sooner or later.

According to researchers from antivirus vendor Trend Micro, recent phishing attacks do just that via fake private messages sent in the name of the Facebook Security team.

These messages inform people that their accounts were accessed from another location and ask them to review their activity immediately.

"Reviewing your activity requires only a few moments. We'll start by asking a few questions to confirm that this is your account. (If we recognize your computer, you will be able to skip this step).

"Please verify your account within 24 hours, if you ignore then we will block this account for your security," the fake messages warn.

In addition to Facebook Security's popularity and credibility, the phishers are piggybacking on a legitimate feature introduced by the social networking site last year to protect accounts.

The site allows users to register devices they commonly use to log in with and opt to be alerted when someone attempts to authenticate from a device that isn't on the list.

The rogue private messages generated by this phishing attack advertise a URL that takes users to a fake login page asking them for both their Facebook and email login credentials.

Security researchers note that the fake profiles used to send the phishing messages use the Facebook Security name written with diacritics.
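One way a defender could flag sender names like these, shown as an added example that is not part of the original article or of Trend Micro's research: the display name is reduced to a comparison key with its diacritics removed, and any name that matches a protected name only after that reduction is reported. The protected-name list, the function names and the sample senders are assumptions constructed for illustration, and the check also ignores case, spacing and invisible format characters, which goes slightly beyond the diacritics case described above.

```python
import unicodedata

# Assumption: the names an operator wants to protect from impersonation.
PROTECTED_NAMES = ["Facebook Security"]

# Unicode categories removed before comparison: combining marks (the
# diacritics left over after decomposition) and invisible format characters.
_STRIPPED_CATEGORIES = {"Mn", "Mc", "Me", "Cf"}


def skeleton(name: str) -> str:
    """Reduce a display name to a comparison key."""
    decomposed = unicodedata.normalize("NFKD", name)  # "é" -> "e" + U+0301
    kept = "".join(
        ch for ch in decomposed
        if unicodedata.category(ch) not in _STRIPPED_CATEGORIES
    )
    return " ".join(kept.casefold().split())  # fold case, collapse spaces


def classify(display_name: str, protected=PROTECTED_NAMES) -> str:
    """Return 'exact', 'lookalike' or 'unrelated' for a sender name.

    'lookalike' means the name equals a protected name only after
    diacritics, case, spacing or invisible characters are normalised away.
    """
    if display_name in protected:
        return "exact"
    key = skeleton(display_name)
    if any(key == skeleton(real) for real in protected):
        return "lookalike"
    return "unrelated"


def flag_senders(names):
    """Return the sender names that imitate a protected name."""
    return [n for n in names if classify(n) == "lookalike"]


# Constructed sample input, not taken from the real campaign.
SAMPLE_SENDERS = [
    "Facebook Security",           # the genuine name
    "F\u00e1cebook S\u00e9curity",  # precomposed accented letters
    "Facebook Secu\u0308rity",     # combining diaeresis after "u"
    "Face\u200bbook Security",     # zero-width space inside the name
    "Photo Fans",                  # unrelated
]

if __name__ == "__main__":
    for sender in flag_senders(SAMPLE_SENDERS):
        print("possible impersonation:", sender.encode("unicode_escape").decode())
```

Letters from other scripts that merely resemble Latin ones, and letters such as "ø" that have no Unicode decomposition, pass through this key unchanged, so the check covers the diacritics trick but not every look-alike spelling.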

As always, users are advised to exercise caution when opening links received via email or social networking, regardless of whether they appear to originate from a legitimate source.